Source: [id: 41018; name: CSO; isActive: true; siteId: 3] -- CSO -- $content.altguid

Chasing the Keystroke Capturers

If anti-stealthware vendors operated more like anti-virus vendors, you might just be able to monitor your enterprise for keylogging software. As it is, youre out of luck.

By

June 19, 2003CSO — JUNE 19, 2003Last week, as Secret Service agent Kent McCarthy and attorney Eric Friedberg closed a presentation they were giving to members of the New York Electronic Crimes Task Force, they flashed an IP address on the screen before taking questions from the audience. Right away, a hand shot up near the front of the auditorium, but the speaker didnt want clarification of their case study. He wanted them to put the IP address back up, so that he could write it down.

The address in question is supposedly used by a perfectly legal piece of software called eBlaster, which the company SpectorSoft markets as a way to keep track of what your spouse or children are doing online. Operating in stealth mode, the software tracks every single keystroke entered into a computer, from instant messages to passwords, and records every e-mail sent and received and website visited. Then, it sends all the data to an IP address, where it is anonymously relayed to whomever has installed the software. (Or rather, it is anonymously relayed to whomever has caused the software to be installedone of SpectorSofts points of pride is that eBlaster can be hidden in an e-mail attachment so the user installs it unknowingly. The company only half-heartedly points out that if you do this without the computer owners permission, you could be breaking the law.)

In short, eBlaster is the creepy kind of technology that sells more tickets to The Matrix Reloaded than its lissome leads. No surprise then that in the case described, it was being used by a criminal to monitor the e-mail activity of an unnamed companys executives.

Even more disturbing, however, was McCarthy and Friedbergs advice for how CIOs and CSOs could make sure the software wasnt installed on any of their companys PCs: by checking their system logs for the aforementioned IP address, which they indicated should not have any legitimate traffic. That would be about as efficient as checking for computer viruses one e-mail at a time.

The fact is that eBlaster is just one of a growing number of keystroke capturing programs, sometimes known as keyloggers and more broadly dubbed as spyware. Some are marketed to parents, spouses, employers and investigators for allegedly legitimate purposes; others are not sold so much as traded by hackers or passed on through computer viruses like Fizzer. These are incredibly powerful programs. In April, a former Boston College student pleaded guilty to installing keystroke capturing software on more than 100 campus computers and using it to steal personal information about 4,000 students, faculty and staff.

RESOURCE CENTER